Bitcoin Forum
September 25, 2018, 06:32:37 AM *
Topic: Bitmessage - Decentralized alternative to email  (Read 26847 times)
picchio
February 13, 2018, 11:23:38 PM
 #101

Reporting:
Quote
A RCE vulnerability was found in Bitmessage. Shut down any BM software immediately. You're fine if you don't use BM.
https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9#comments
It appears in this forum's news.


 
 
(A)social
February 14, 2018, 08:58:20 AM
 #102

Reporting:
Quote
A RCE vulnerability was found in Bitmessage. Shut down any BM software immediately. You're fine if you don't use BM.
https://github.com/Bitmessage/PyBitmessage/commit/3a8016d31f517775d226aa8b902480f4a3a148a9#comments
It appears in this forum's news.

I'll add:
https://bitmessage.org/wiki/Main_Page

"A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. Alternatively you may downgrade to 0.6.1 which is unaffected. We will release binary files for Windows and macOS tomorrow (2018-02-14). In the mean time, users who use binaries should downgrade to 0.6.1 using the links below.

Bitmessage developer Peter Šurda's Bitmessage addresses are to be considered compromised.

We greatly apologize for the issue and we hope to release more information as it becomes available.
"

BTC: 1ASociaLbBZzBUR8hSw8CryajncADsR1m6 - Bitmessage: BM-orfFdAgAmtnBokTivq3vj1RtSVtXbrftM
OpenBazaar Store: https://duosear.ch/84de25a152307b93f14d784852d7c88a23081f20
cinziamonforte66
February 19, 2018, 11:10:24 AM
 #103

I hope the vulnerability gets fixed; a pity, it was a really useful and interesting project.
blockaudit
April 03, 2018, 06:38:19 PM
 #104

(Apologies for the EN)

Code:
-        classBase = eval(data[""] + "." + data[""].title())
-    except NameError:
-        logger.error("Don't know how to handle message type: \"%s\"", data[""])
+        m = import_module("messagetypes." + data[""])
+        classBase = getattr(m, data[""].title())
+    except (NameError, ImportError):
+        logger.error("Don't know how to handle message type: \"%s\"", data[""], exc_info=True)
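Review bot: the import_module("messagetypes." + data[""]) line still builds the module path from a field of the received message with no check that it is a plain, known type name; validate it against a fixed set of supported types (or at least a strict identifier pattern) before importing. Separately, getattr(m, data[""].title()) raises AttributeError when the imported module has no class of that name, and the except tuple on the following line lists only NameError and ImportError, so add AttributeError there unless a handler outside these lines already catches it.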

Yes, eval() is quite dangerous to use in almost any context other than on static, internal data. Definitely not safe to use on anything tainted by user input.

Looking at their security tagged issues, Firejail looks like a good step in the direction in general for sandboxing interactions:

https://github.com/Bitmessage/PyBitmessage/labels/security

https://www.blockaudit.org
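An added example, not part of the original post and not PyBitmessage's own code: one way to map an untrusted message-type string to a handler class through an explicit allowlist, so the string is never evaluated and never used to build an import path. The handler classes, the `type` key and every function name here are assumptions made for illustration.

```python
import re

# Constructed stand-ins for message-type handler classes (hypothetical names).
class Message:
    def __init__(self, data):
        self.body = data.get("body", "")

class Vote:
    def __init__(self, data):
        self.choice = data.get("choice")

# Explicit allowlist: the only classes a decoded message is allowed to select.
HANDLERS = {"message": Message, "vote": Vote}

# Shape check applied before the lookup: short, lowercase, no dots or dunders.
_TYPE_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

class UnknownMessageType(ValueError):
    """Raised for any type string that is malformed or not registered."""

def resolve_handler(type_name):
    """Return the handler class for an untrusted type string.

    The string is only ever used as a dictionary key; it is not passed to
    eval(), import_module() or getattr().
    """
    if not isinstance(type_name, str) or not _TYPE_RE.fullmatch(type_name):
        raise UnknownMessageType("malformed message type")
    try:
        return HANDLERS[type_name]
    except KeyError:
        raise UnknownMessageType("unregistered type: %r" % type_name) from None

def construct(data):
    """Build a handler object from a decoded message dict, or return None.

    "type" is an assumed key name for this example.
    """
    try:
        return resolve_handler(data.get("type"))(data)
    except UnknownMessageType:
        return None

if __name__ == "__main__":
    # Constructed inputs: one valid type, then names that must be refused.
    for sample in ({"type": "vote", "choice": "yes"}, {"type": "os"},
                   {"type": "message.Message"}, {"type": 7}, {}):
        print(sample, "->", type(construct(sample)).__name__)
```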
domenico.56
April 27, 2018, 01:17:19 PM
 #105

Is it still valid as a system? I was reading about a security bug; do you know if it has been fixed?
HostFat
April 28, 2018, 03:07:40 AM
 #106

Yes, it has been fixed.
Make sure you use the latest version.

domenico.56
April 28, 2018, 01:15:57 PM
 #107

Thanks for the information, good to know... I'll use the latest version!
klgeroghei
July 26, 2018, 07:37:42 AM
 #108

I feel that Bitmessage is nice because it uses bitcoin-style proofs of work for messages, but rather it has replaced email hierarchies.
Very cool!
international.off
July 26, 2018, 02:35:38 PM
 #109

Does anyone have the link to the latest release?

HostFat
July 26, 2018, 05:24:17 PM
 #110

Does anyone have the link to the latest release?
https://github.com/Bitmessage/PyBitmessage/releases

international.off
July 26, 2018, 09:23:26 PM
 #111


Thanks
